Open elevran opened 4 months ago
The ROI on this is low: some risk, low reward (having predefined data fields in secrets and clearer secret type).
Pushing out on fixing this to later with lower priority.
Changes are needed in documentation and YAML templates (mostly adding `type: kubernetes.io/tls` and changing `cert` and `key` to `tls.cert` and `tls.key` in secrets. Mount paths need to change accordingly)
Currently all ClusterLink secrets are created as type `Opaque`:

Typically, certificates (such as `cl-peer`) should be using `Spec.SecretType: SecretTypeTLS`. These have predefined fields for certificate and key.

Search for `SecretTypeTLS` in corev1 and the kubectl documentation.

The change should affect the `clusterlink` CLI and any manual deployment documentation (if present).
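
The data-key change discussed in this issue, as an added example that is not part of the issue or of ClusterLink's code: it maps an Opaque secret's `cert`/`key` entries to the data keys Kubernetes defines for `kubernetes.io/tls` secrets, `tls.crt` and `tls.key` (`corev1.TLSCertKey` and `corev1.TLSPrivateKeyKey`), and refuses a key that does not pair with the certificate. The helper names `toTLSData` and `selfSigned` and the pairing check are assumptions, and the certificate is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Data keys Kubernetes requires in a kubernetes.io/tls Secret
// (corev1.TLSCertKey, corev1.TLSPrivateKeyKey).
const tlsCertKey, tlsKeyKey = "tls.crt", "tls.key"

// toTLSData (hypothetical helper) maps the Opaque layout ("cert", "key") to
// the TLS layout and rejects a private key that does not match the certificate.
func toTLSData(opaque map[string][]byte) (map[string][]byte, error) {
	cert, key := opaque["cert"], opaque["key"]
	if len(cert) == 0 || len(key) == 0 {
		return nil, fmt.Errorf("secret must carry both cert and key")
	}
	if _, err := tls.X509KeyPair(cert, key); err != nil {
		return nil, fmt.Errorf("cert and key do not pair: %w", err)
	}
	return map[string][]byte{tlsCertKey: cert, tlsKeyKey: key}, nil
}

// selfSigned returns a throwaway PEM certificate and key (constructed sample).
func selfSigned() (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	cert, key := selfSigned()
	data, err := toTLSData(map[string][]byte{"cert": cert, "key": key})
	fmt.Println(len(data), err) // two entries, nil error
	_, otherKey := selfSigned()
	_, err = toTLSData(map[string][]byte{"cert": cert, "key": otherKey})
	fmt.Println(err) // a key from a different pair is rejected
}
```

The API server only checks that both keys are present in a `kubernetes.io/tls` secret, so the pairing check here catches a swapped or stale key before the secret is mounted.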